DMARC Explained

by | Last Updated Aug 26, 2020 | Hosting | 0 comments

In this blog post, I will help you to configure DMARC records through your DirectAdmin control panel.

Both DKIM and SPF used to authenticate emails.

So, What Is DMARC?

Domain-based Message Authentication Reporting and Conformance or DMARC is not an email authentication method like DKIM and SPF.

Instead, DMARC leverages DKIM and SPF to perform a more advanced check on each email received.

As a domain owner, you can define its authentication procedure with DMARC. This is known as a DMARC policy.

With DMARC, the policy instructs an incoming server on what to do if the email fails to pass the DMARC test.

Now let’s quickly understand how SPF and DKIM work to authenticate emails.

With SPF records, you can specify which IP addresses can be used to send emails on your behalf.

If the sender’s IP mismatch with one of the IPs and domains from the SPF record, the SPF check fails.

DKIM is a digital signature for emails.

The DKIM holds the headers and body of an email message that hashes with a specific method and encrypted with a private key.

The receiver’s email server can recreate the values with a public key and compare it against the signature the server received.

The DKIM check fails if the values mismatch.

DMARC needs at least one of these SPF or DKIM record checks present.

The Benefits of DMARC

DMARC is the most effective weapon against spoofers.

Imagine, a cybercriminal sees your domain is configured correctly with a DMARC record.

Then this cybercriminal would likely give up on trying to spoof your domain.

Do you know why?

They understand that their possibilities of succeeding are near to none, so they often won’t even try to spoof it.

Email receiving servers know that emails coming from DMARC-secured domains are likely to be legit.

How to Configure DMARC in DirectAdmin?

Both SPF and DKIM will be configured automatically. But, you will need to set DMARC records manually.

Don’t worry; it is very easy to set up. Follow this instruction.

Log in to your DirectAdmin account.

DirectAdmin DNS Management Icon

Click on the DNS Management icon under the Account Manager category.

In the DNS Management page, click on the Add Record button.

A popup window will appear now.

DirectAdmin Add DMARC Record

Now choose TXT from the Record Type drop-down menu.

Select DMARC from the TXT Record Type option.

Most of the fields would be pre-populated there. However, we can still modify it based on your requirements.

I have listed the values so that you can make use of it.

Record Type: TXT

Name: _dmarc

TTL: 14400

TXT Record Type: DMARC

Domain policy type: I recommend to use Quarantine. But please see the three options below.

None – It means that the email must be treated as same as if there no DMARC record available. Here messages may get delivered or flagged as spam or get rejected; all these will happen based on other factors.

Quarantine – it allows emails but won’t deliver to the inbox. Usually, these emails would go to the spam/junk folder.

Reject – reject the failed messages right away.

Subdomain policy type: Same as domain

Aggregate Email (RUA): Your Primary Email Address

The email would contain high-level data about the reasons for failures but won’t give you any details.

Forensic Email (RUF): Your Primary Email Address

With Forensic Email, you can get detailed individual forensics reports of failed emails.

Report Format: Authentication Failure Reporting Format

Reporting Interval: 86400

Percentage: 100

Alignment mode for DKIM: Relaxed

Alignment mode for SPF: Relaxed

At last, the Value field will show you the actual DMARC policy that is going to be added. If you wish you can modify it.

Now once you are satisfied with the inputs, click on the Add button and DirectAdmin will save and publish the DMARC details.

How to Verify the DMARC Configuration?

Verifying DMARC, SPF and DKIM setup is relatively easy.

One of the easiest ways is to use MX Lookup.

Visit MxToolbox and input your domain name and hit the MX Lookup button.

MX Lookup DMARC Passed

You can then see the result.

We engineered our cloud infrastructure with Performance, Speed, Scalability and Security in mind.

That’s why we built Rovity with AWS, CloudLinux OS, DirectAdmin and LiteSpeed Web Server.

Come and experience the next generation of shared hosting on the cloud

By Gifty Antony

Gifty is passionate about Web Development and connected with various communities. She loves WordPress.

Check Out These Related Posts

TLS vs SSL: What’s the Difference?

TLS vs SSL: What’s the Difference?

SSL and TLS; both are security protocols that help you securely authenticate and transport data across the Internet. But what is the difference between SSL and TLS? Do you need to worry about the differences between free SSL and TLS? In this article, I will help you...

read more
We Are Migrating to AWS and LiteSpeed Web Server

We Are Migrating to AWS and LiteSpeed Web Server

Ever since our inception, we have been keeping upgrading ourselves to serve you better. And this time, we are upgrading to AWS, Amazon Web Services. Along with AWS, we will switch to LiteSpeed Web Server.Current LimitationsCurrently, we are hosted with a traditional...

read more

0 Comments

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *